OS 是 Ubuntu 10.04 64-bit 並且已經做完 apt-get update && apt-get upgrade 後,還是被資安人員發現有安全性漏洞,理由是 Openssh 版本小於 5.6:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
處理方式:
只好用 tarball 更新,到 http://www.openssh.com/ 下載程式碼,在此隨便挑一處下載,再加上機器好像沒啥人在登入,就衝 openssh-5.8p1.tar.gz 吧!
$ cd /tmp
$ wget http://openbsd.org.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.8p1.tar.gz
$ tar -xvf openssh-5.8p1.tar.gz
$ cd openssh-5.8p1
$ ./configure && make
只可惜沒那麼順利,會出現 OpenSSL headers missing 與 zlib.h 相關訊息,只好多裝一下:
$ sudo apt-get install zlib1g-dev libssl-dev
如此一來就能正常 configure && make && make install
只是,問題並沒這般解決,判斷 ssh & sshd 版本:
安裝前:
$ ssh -version
OpenSSH_5.3p1 Debian-3ubuntu5, OpenSSL 0.9.8k 25 Mar 2009
Bad escape character 'rsion'.
$ dpkg -s openssh-server
Package: openssh-server
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 796
Maintainer: Colin Watson <cjwatson@ubuntu.com>
Architecture: amd64
Source: openssh
Version: 1:5.3p1-3ubuntu5
...
用 telnet localhost 22 來查看
$ telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu5
安裝後,卻只有 ssh -version 顯示正確,其他的跟安裝前一樣:
$ ssh -version
OpenSSH_5.3p1 Debian-3ubuntu5, OpenSSL 0.9.8k 25 Mar 2009
Bad escape character 'rsion'.
查看預設 configure 結果:
configure: creating ./config.status
config.status: creating Makefile
config.status: creating buildpkg.sh
config.status: creating opensshd.init
config.status: creating openssh.xml
config.status: creating openbsd-compat/Makefile
config.status: creating openbsd-compat/regress/Makefile
config.status: creating ssh_prng_cmds
config.status: creating survey.sh
config.status: creating config.h
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support:
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
libedit support: no
Solaris process contract support: no
Solaris project support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: x86_64-unknown-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fstack-protector-all
Preprocessor flags:
Linker flags: -fstack-protector-all
Libraries: -lcrypto -ldl -lutil -lz -lnsl -lcrypt -lresolv
Ubuntu 10.04 server 之 sshd 的設定檔預設是擺在 /etc/ssh/ 而執行檔在 /usr/sbin/sshd, /usr/bin/ssh 並且查看 /etc/init.d/ssh 裡頭的描述也都是用 /usr/sbin/sshd 來動作,因此就稍微改一下流程:
$ ./configure --sbindir=/usr/sbin
$ sudo make install
暫時運行的結果還正常,只是感覺還是整身的不乾淨的感覺
$ telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.8
沒有留言:
張貼留言